CIO Today HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR SATURDAY MARCH 25

Close Search Box
CIO Today
DATA SECURITY
Celebrity Deaths Drive Spam, with Jackson Pervasive
Posted July 2, 2009
Celebrity Deaths Drive Spam, with Jackson Pervasive
Next Story
EARLIER
Microsoft Security Beta 'Sells Out' Within 24 Hours
THIS STORY
Celebrity Deaths Drive Spam, with Jackson Pervasive
Next Story
LATER
Microsoft Working on Patch for IE ActiveX Vulnerability
YOU ARE HERE:   HOME arrow DATA SECURITY arrow THIS STORY
NEWS OPS

By Jennifer LeClaire. Updated July 2, 2009 8:11AM

SHARE

ALSO SEE

With recent celebrity deaths, spammers are shifting strategies in hopes of cashing in on the misfortunes of others. Although several celebrities have passed away in the last few weeks, pop star Michael Jackson's death is driving the greatest spam volume.

Less than eight hours after Jackson's untimely death, Sophos began to intercept spam campaigns using the singer's name. Sophos also discovered cybercriminals taking advantage of 1970s TV icon Farrah Fawcett's death to spread fake antivirus software.

Mass Mailing Worms

Since then, Sophos reports large volumes of more spam, malware and other scams. For example, Sophos reports a mass-mailing worm that spams out messages with subject lines such as "Remembering Michael Jackson" with an attached file called "Michael songs and pictures.zip."

The e-mail, which claims to come from sarah@michaeljackson.com, says the attached ZIP file contains secret songs and photos of Michael Jackson. However, the reality is that opening the attachment exposes recipients to infection -- and if a computer is victimized, it spreads the worm to other Internet users.

Attackers have also set up a bogus Italian YouTube site link in an e-mail. When users click on the e-mail they get an error message indicating a Flash player upgrade is required in order to view the video. The download link ushers the victim to a fake codec that downloads a Trojan.

Exploiting Human Misery

How does the rash of celebrity deaths compare with other major world events? It's not at all unusual for the bad guys to try and take advantage of big international news stories in their attempts to infect computers and steal money, according to Graham Cluley, a senior security consultant at Sophos.

Cluley points to hackers in the past taking advantage of the death of the pope, the incarceration of Saddam Hussein, the death of kung-fu actor David Carradine, a Concorde crash in Paris, shootings at American universities, and terror bombings in London.

"What's clear is that cybercriminals have no qualms about taking advantage of human misery, and they understand that many people are so eager to get the latest news via the Net that they may not exercise enough caution when clicking on links and opening attachments," Cluley said. "It's up to users to be vigilant, and think carefully about what they're doing rather than putting themselves and their company's data at risk."

Shifting Spam Strategies

Noteworthy is the fact that Independence Day in the United States typically breeds spam. But Symantec is reporting spammers seem less passionate about spawning Independence Day spam this year. The probable reason for this neutrality could be the spam spike related to the death of Jackson.

Symantec warns of spam with subject lines related to any of these deaths trying to peddle fake medicines, fake antivirus software, and fake codecs. The security firm also warns of Twitter tweets about the deaths with links to malicious Web sites, social-networking site messages that could link to malware, and links to fake videos that attempt to infect users with malware.

"The Internet has gone wild since Michael Jackson, the 'King of Pop,' was reported dead on June 25," said Symantec's Vivian Ho. "We expect that spam and malware will keep coming in, given Michael Jackson's popularity and following. Recipients should be extra cautious about messages that appear to be related to Jackson's death, especially any e-mail that comes from an unknown or unexpected source."

Tell Us What You Think
Comment:

Name:

MORE IN DATA SECURITY

Next Article >

INSIDE CIO TODAY NETWORK SITES SERVICES BENEFITS